Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SignOut loop in v2.5.0 #2095

Closed
michiproep opened this issue Mar 1, 2023 · 5 comments
Closed

SignOut loop in v2.5.0 #2095

michiproep opened this issue Mar 1, 2023 · 5 comments
Labels
Microsoft Identity Web UI question Further information is requested v2.x
Milestone
2.9.0

Comments

@michiproep
Copy link

Microsoft.Identity.Web Library

Microsoft.Identity.Web.UI

Microsoft.Identity.Web version

2.5.0

Web app

Sign-in users

Web API

Protected web APIs (validating tokens)

Token cache serialization

In-memory caches

Description

Calling the SignOut endpoint in Web.UI controller preveously worked just fine.
With upgrade to 2.5.0 my app get's stuck in a logout-redirect-loop.
There are no overrides in the config to the signout-, etc. properties.

Reproduction steps

Use
Sign out

Ends up in loop.

Error message

No response

Id Web logs

No response

Relevant code snippets

<a class="nav-link text-dark btn btn-sm btn-outline-secondary" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignOut">Sign out</a>

Regression

1.26.0

Expected behavior

User get's signed out. No loop.
@michiproep michiproep added the question Further information is requested label Mar 1, 2023
@michiproep
Copy link
Author

May-be, this is related? #1558

@tasha-rooney-ul
Copy link

tasha-rooney-ul commented Mar 14, 2023
edited
Loading

I'm having the same issue with the Azure B2C sample which was recently upgraded to v2.5.0. Did you find an alternative solution other than regressing the version?

@alexdulemba
Copy link

So far I've only seen that using version 1.26.0 solves the issue. Interestingly though, if you specify a custom "SignedOutCallbackPath" in appsettings.json, it will redirect from that back to Microsoft's Web.UI signed out page. Maybe this is a related issue?

@alexdulemba
Copy link

alexdulemba commented Apr 5, 2023
edited
Loading

A workaround for now that seems to work: creating your own AccountController with SignIn and SignOut methods instead of using MicrosoftIdentity.AccountController SignIn and SignOut methods. Carlos Ortega's answer here provides an example. You can then set a custom URI for a signout page to be redirected to without loops. Also make sure that there is no value set in appsettings.json for the SignedOutCallbackPath key.

@jennyf19 jennyf19 mentioned this issue Apr 6, 2023
Closed
@jennyf19 jennyf19 added this to the 2.9.0 milestone Apr 14, 2023
@jennyf19
Copy link
Collaborator

We've applied a workaround in 2.9.0 which should address the issue. The root cause is a breaking change in ASP.NET Core 6 with the Razor pages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Microsoft Identity Web UI question Further information is requested v2.x
Projects
None yet
Milestone
2.9.0
Development

No branches or pull requests
4 participants
@michiproep @jennyf19 @tasha-rooney-ul @alexdulemba